The demand for and corresponding rapid growth of 3G/Wi-Fi or 4G/Wi-Fi capable dual-mode smartphones and devices require broader bandwidth than ever before. Wi-Fi networks have been used as alternatives for offloading mobile data access from 3G or 4G networks for both domestic and roaming data usage.
For mobile networks, user credentials are issued as a Subscriber Identity Module (SIM) for Global System for Mobile Communications (GSM) networks. A SIM card securely stores a secret authentication key (Ki) identifying a mobile phone service subscriber, as well as subscription information, preferences, and other information. The SIM card also securely stores the programmable A3 and A8 algorithms, which implement the same logic as the A3/A8 algorithms stored in the mobile network's Home Location Register (HLR). The SIM card also stores the International Mobile Subscriber Identity (IMSI), which is used to uniquely identify the mobile phone service subscriber. When the SIM card is manufactured, the IMSI is paired with an authentication key Ki, a 128-bit number used for authentication and cipher key generation. The Ki is stored only on the SIM card and at the HLR and is never transmitted across the network, on any link.
The SIM card has corresponding components in different mobile networks. For example, the corresponding component in Universal Mobile Telecommunications System (UMTS) networks is the Universal SIM (USIM) card. The corresponding component in Code Division Multiple Access (CDMA) networks is the Removable User Identity Module (R-UIM) card.
The user credential, as a SIM card, is needed in the smartphone to complete the authentication and service registration procedure in mobile networks. Utilizing the existing user credential for the authentication, authorization, and accounting (AAA) in Wi-Fi networks is a challenge for seamless roaming when offloading mobile data to Wi-Fi networks. Similar challenges will exist when roaming from 3G or 4G networks into WiMAX networks.
The standard formats and procedures for implementing the SIM-based authentication protocol, the Extensible Authentication Protocol (EAP) Method for GSM Subscriber Identity Module (EAP-SIM), which provides authentication and session key distribution using the GSM SIM, are defined in Internet Engineering Task Force (IETF) Request for Comments (RFC) 4186. IETF RFC 4187 defines the EAP method for UMTS Authentication and Key Agreement (EAP-AKA) authentication.
Implementing the SIM-based authentication procedure in Wi-Fi or WiMAX networks requires EAP-SIM/EAP-AKA client software on the mobile device. This authentication procedure includes the following steps:
1. The client on the mobile device retrieves the IMSI from the SIM card and sends it via the network components to the Authentication Server, which, for GSM networks, is the HLR.
2. The HLR, which has the SIM card's specific secret authentication key (Ki) as well as the A3 and A8 algorithms, generates a random number (RAND) as the challenge, derives the Signed Responses (SRESs) based on the A3 algorithm together with the Ki and RAND, and derives the encryption key (Kc) based on the A8 algorithm using Ki and RAND.
3. The client on the mobile device receives RAND from the network components as the challenge. The client calls the SIM card to calculate the SRESs using the A3 algorithm, the Ki, and the RAND value, given that the A3 algorithm and the Ki are securely stored in the SIM card.
4. The client sends back the SRES to the network components, which compare the SRES from the HLR against the SRES from the client. If the SRESs match, the mobile device passes the authentication procedure and the network allows the mobile device to access the network. Otherwise, the network denies service to the mobile device.
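The four steps above as an added Python sketch, not code from the original document. HMAC-SHA256 is an assumed stand-in for the operator-specific A3/A8 algorithms, and the Sim and Hlr classes, the IMSI and the Ki values are constructed for illustration; the RAND, SRES and Kc lengths (128, 32 and 64 bits) are the GSM sizes.

```python
import hashlib
import hmac
import secrets

def a3_a8(ki, rand):
    # ASSUMPTION: HMAC-SHA256 stands in for the operator-specific A3/A8
    # algorithms, which the text does not specify.
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]  # SRES (32 bits), Kc (64 bits)

class Sim:
    """Holds Ki privately; exposes only the IMSI and the algorithm call."""
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki

    def run_gsm_algorithm(self, rand):
        return a3_a8(self._ki, rand)

class Hlr:
    """Holds the IMSI -> Ki pairing made when the SIM was manufactured."""
    def __init__(self, subscribers):
        self._subscribers = dict(subscribers)

    def challenge(self, imsi):
        ki = self._subscribers.get(imsi)
        if ki is None:
            return None  # unknown subscriber
        rand = secrets.token_bytes(16)  # step 2: 128-bit RAND
        sres, kc = a3_a8(ki, rand)
        return rand, sres, kc

def authenticate(sim, hlr):
    """Run steps 1-4; return (granted, kc, wire), wire being what was sent."""
    wire = [sim.imsi.encode()]                 # step 1: IMSI to the network
    triplet = hlr.challenge(sim.imsi)
    if triplet is None:
        return False, None, wire
    rand, expected_sres, kc = triplet
    wire.append(rand)                          # step 3: RAND to the client
    sres, client_kc = sim.run_gsm_algorithm(rand)
    wire.append(sres)                          # step 4: SRES back to the network
    if not hmac.compare_digest(sres, expected_sres):
        return False, None, wire               # mismatch: deny service
    assert client_kc == kc                     # both sides derived the same Kc
    return True, kc, wire

# Constructed sample data, not real subscriber values.
IMSI = "001010123456789"
KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
HLR = Hlr({IMSI: KI})
GENUINE = Sim(IMSI, KI)
CLONE = Sim(IMSI, bytes(16))  # correct IMSI, wrong Ki
```

Only the IMSI, RAND and SRES appear in the returned wire list; Ki stays inside the Sim and Hlr objects, matching the statement that it is never transmitted on any link.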
Generally, step 3 is important for the actual implementation of the client, as it needs to interface with the mobile device to call the SIM card algorithm. Due to sensitivity to subscriber data security concerns, it is difficult to implement the SIM-authentication procedure at the application layer because the operating system of the mobile device normally does not allow the application to directly interface with the SIM card. The operating system often encapsulates the interfaces in a core system driver layer and limits their access to a few applications that normally reside at the system core level.
Even if one operating system for a mobile device allows an application to interface directly with a SIM card, other operating systems may not make corresponding application programming interfaces (APIs) accessible. In these cases, the client is not generally available on the mobile devices. Thus, operating systems must be specifically modified for each mobile device before the mobile device can access, and thus roam between, different networks. This is an expensive, time-consuming, and impractical procedure.